CVE-2021-4048

CRITICAL

Lapack <3.10.0 - Info Disclosure

Title source: llm

Description

An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack through version 3.10.0, as also used in OpenBLAS before version 0.3.18. Specially crafted inputs passed to these functions could cause an application using lapack to crash or possibly disclose portions of its memory.

Scores

CVSS v3 9.1
EPSS 0.0036
EPSS Percentile 58.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Details

CWE
CWE-125
Status published
Products (13)
fedoraproject/fedora 34
fedoraproject/fedora 35
julialang/julia 1.7.0 beta1 (5 CPE variants)
julialang/julia < 1.6.3
lapack_project/lapack < 3.10.0
openblas_project/openblas < 0.3.18
redhat/ceph_storage 2.0
redhat/ceph_storage 3.0
redhat/ceph_storage 4.0
redhat/ceph_storage 5.0
... and 3 more
Published Dec 08, 2021
Tracked Since Feb 18, 2026